/*
 * $Header:
 * /home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commons
 * //httpclient/src/java/org/apache/commons/httpclient/auth/AuthPolicy.java,v
 * 1.6 2004/05/13 04:02:00 mbecke Exp $ $Revision: 480424 $ $Date: 2006-11-29
 * 06:56:49 +0100 (Wed, 29 Nov 2006) $
 *
 * ====================================================================
 *
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with this
 * work for additional information regarding copyright ownership. The ASF
 * licenses this file to You under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many individuals on
 * behalf of the Apache Software Foundation. For more information on the Apache
 * Software Foundation, please see <http://www.apache.org/>.
 */

package com.microsoft.tfs.core.httpclient.auth;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * Authentication policy class. The Authentication policy provides corresponding
 * authentication scheme interfrace for a given type of authorization challenge.
 * <p>
 * The following specifications are provided:
 * <ul>
 * <li><tt>Basic</tt>: Basic authentication scheme as defined in RFC2617
 * (considered inherently insecure, but most widely supported)
 * <li><tt>Digest</tt>: Digest authentication scheme as defined in RFC2617
 * <li><tt>NTLM</tt>: The NTLM scheme is a proprietary Microsoft Windows
 * Authentication protocol (considered to be the most secure among currently
 * supported authentication schemes)
 * </ul>
 *
 * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
 *
 * @version $Revision: 480424 $
 * @since 3.0
 */
public abstract class AuthPolicy {
    private static final HashMap SCHEMES = new HashMap();
    private static final ArrayList SCHEME_LIST = new ArrayList();

    /**
     * The key used to look up the list of IDs of supported {@link AuthScheme
     * authentication schemes} in their order of preference. The scheme IDs are
     * stored in a {@link java.util.Collection} as {@link java.lang.String}s.
     *
     * <p>
     * If several schemes are returned in the <tt>WWW-Authenticate</tt> or
     * <tt>Proxy-Authenticate</tt> header, this parameter defines which
     * {@link AuthScheme authentication schemes} takes precedence over others.
     * The first item in the collection represents the most preferred
     * {@link AuthScheme authentication scheme}, the last item represents the ID
     * of the least preferred one.
     * </p>
     *
     * @see com.microsoft.tfs.core.httpclient.params.DefaultHttpParams
     */
    public static final String AUTH_SCHEME_PRIORITY = "http.auth.scheme-priority";

    /**
     * The SPNEGO ("negotiate") scheme as defined in RFC4559.
     */
    public static final String NEGOTIATE = "Negotiate";

    /**
     * The NTLM scheme is a proprietary Microsoft Windows Authentication
     * protocol (considered to be the most secure among currently supported
     * authentication schemes).
     */
    public static final String NTLM = "NTLM";

    /**
     * Digest authentication scheme as defined in RFC2617.
     */
    public static final String DIGEST = "Digest";

    /**
     * Basic authentication scheme as defined in RFC2617 (considered inherently
     * insecure, but most widely supported)
     */
    public static final String BASIC = "Basic";

    static {
        /*
         * Negotiate and NTLM are handled by com.microsoft.tfs.jni, and may or
         * may not actually be available.
         */
        if (NegotiateScheme.isSupported()) {
            AuthPolicy.registerAuthScheme(NEGOTIATE, NegotiateScheme.class);
        }

        if (NTLMScheme.isSupported()) {
            AuthPolicy.registerAuthScheme(NTLM, NTLMScheme.class);
        }

        AuthPolicy.registerAuthScheme(DIGEST, DigestScheme.class);
        AuthPolicy.registerAuthScheme(BASIC, BasicScheme.class);
    }

    /** Log object. */
    protected static final Log LOG = LogFactory.getLog(AuthPolicy.class);

    /**
     * Registers a class implementing an {@link AuthScheme authentication
     * scheme} with the given identifier. If a class with the given ID already
     * exists it will be overridden. This ID is the same one used to retrieve
     * the {@link AuthScheme authentication scheme} from
     * {@link #getAuthScheme(String)}.
     *
     * <p>
     * Please note that custom authentication preferences, if used, need to be
     * updated accordingly for the new {@link AuthScheme authentication scheme}
     * to take effect.
     * </p>
     *
     * @param id
     *        the identifier for this scheme
     * @param clazz
     *        the class to register
     *
     * @see #getAuthScheme(String)
     * @see #AUTH_SCHEME_PRIORITY
     */
    public static synchronized void registerAuthScheme(final String id, final Class clazz) {
        if (id == null) {
            throw new IllegalArgumentException("Id may not be null");
        }
        if (clazz == null) {
            throw new IllegalArgumentException("Authentication scheme class may not be null");
        }
        SCHEMES.put(id.toLowerCase(), clazz);
        SCHEME_LIST.add(id.toLowerCase());
    }

    /**
     * Unregisters the class implementing an {@link AuthScheme authentication
     * scheme} with the given ID.
     *
     * @param id
     *        the ID of the class to unregister
     */
    public static synchronized void unregisterAuthScheme(final String id) {
        if (id == null) {
            throw new IllegalArgumentException("Id may not be null");
        }
        SCHEMES.remove(id.toLowerCase());
        SCHEME_LIST.remove(id.toLowerCase());
    }

    /**
     * Gets the {@link AuthScheme authentication scheme} with the given ID.
     *
     * @param id
     *        the {@link AuthScheme authentication scheme} ID
     *
     * @return {@link AuthScheme authentication scheme}
     *
     * @throws IllegalStateException
     *         if a scheme with the ID cannot be found
     */
    public static synchronized AuthScheme getAuthScheme(final String id) throws IllegalStateException {

        if (id == null) {
            throw new IllegalArgumentException("Id may not be null");
        }
        final Class clazz = (Class) SCHEMES.get(id.toLowerCase());
        if (clazz != null) {
            try {
                return (AuthScheme) clazz.newInstance();
            } catch (final Exception e) {
                LOG.error("Error initializing authentication scheme: " + id, e);
                throw new IllegalStateException(
                    id + " authentication scheme implemented by " + clazz.getName() + " could not be initialized");
            }
        } else {
            throw new IllegalStateException("Unsupported authentication scheme " + id);
        }
    }

    /**
     * Returns a list containing all registered {@link AuthScheme authentication
     * schemes} in their default order.
     *
     * @return {@link AuthScheme authentication scheme}
     */
    public static synchronized List getDefaultAuthPrefs() {
        return (List) SCHEME_LIST.clone();
    }
}
